am b25302e1: Do not log passwords returned through vdc
* commit 'b25302e1b0232ac2f9d6ffa441f2ab1ff23a2de3':
Do not log passwords returned through vdc
diff --git a/Android.mk b/Android.mk
index d90b1c2..419fe5c 100644
--- a/Android.mk
+++ b/Android.mk
@@ -23,8 +23,6 @@
system/extras/ext4_utils \
system/extras/f2fs_utils \
external/openssl/include \
- external/stlport/stlport \
- bionic \
external/scrypt/lib/crypto \
frameworks/native/include \
system/security/keystore \
@@ -33,7 +31,6 @@
common_shared_libraries := \
libsysutils \
- libstlport \
libbinder \
libcutils \
liblog \
@@ -56,30 +53,28 @@
include $(CLEAR_VARS)
+LOCAL_ADDITIONAL_DEPENDENCIES := $(LOCAL_PATH)/Android.mk
LOCAL_MODULE := libvold
-
+LOCAL_CLANG := true
LOCAL_SRC_FILES := $(common_src_files)
-
LOCAL_C_INCLUDES := $(common_c_includes)
-
LOCAL_SHARED_LIBRARIES := $(common_shared_libraries)
-
LOCAL_STATIC_LIBRARIES := $(common_static_libraries)
-
LOCAL_MODULE_TAGS := eng tests
+LOCAL_CXX_STL := libc++
include $(BUILD_STATIC_LIBRARY)
include $(CLEAR_VARS)
+LOCAL_ADDITIONAL_DEPENDENCIES := $(LOCAL_PATH)/Android.mk
LOCAL_MODULE:= vold
-
+LOCAL_CLANG := true
LOCAL_SRC_FILES := \
main.cpp \
$(common_src_files)
LOCAL_C_INCLUDES := $(common_c_includes)
-
LOCAL_CFLAGS := -Werror=format
ifeq ($(TARGET_HW_DISK_ENCRYPTION),true)
@@ -89,21 +84,17 @@
endif
LOCAL_SHARED_LIBRARIES := $(common_shared_libraries)
-
LOCAL_STATIC_LIBRARIES := $(common_static_libraries)
+LOCAL_CXX_STL := libc++
include $(BUILD_EXECUTABLE)
include $(CLEAR_VARS)
+LOCAL_ADDITIONAL_DEPENDENCIES := $(LOCAL_PATH)/Android.mk
+LOCAL_CLANG := true
LOCAL_SRC_FILES:= vdc.c
-
LOCAL_MODULE:= vdc
-
-LOCAL_C_INCLUDES :=
-
-LOCAL_CFLAGS :=
-
LOCAL_SHARED_LIBRARIES := libcutils
include $(BUILD_EXECUTABLE)
diff --git a/DirectVolume.cpp b/DirectVolume.cpp
index cfa1e0b..64d7744 100644
--- a/DirectVolume.cpp
+++ b/DirectVolume.cpp
@@ -321,11 +321,17 @@
char msg[255];
bool enabled;
- if (mVm->shareEnabled(getLabel(), "ums", &enabled) == 0 && enabled) {
+ SLOGD("Volume %s %s disk %d:%d removed\n", getLabel(), getMountpoint(), major, minor);
+ if ((dev_t) MKDEV(major, minor) == mCurrentlyMountedKdev) {
+ /*
+ * Yikes, our mounted disk is going away!
+ */
+
+ doUnmount(major, minor);
+ } else if (mVm->shareEnabled(getLabel(), "ums", &enabled) == 0 && enabled) {
mVm->unshareVolume(getLabel(), "ums");
}
- SLOGD("Volume %s %s disk %d:%d removed\n", getLabel(), getMountpoint(), major, minor);
snprintf(msg, sizeof(msg), "Volume %s %s disk removed (%d:%d)",
getLabel(), getFuseMountpoint(), major, minor);
mVm->getBroadcaster()->sendBroadcast(ResponseCode::VolumeDiskRemoved,
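Review bot: The new `mCurrentlyMountedKdev` branch calls `doUnmount()` without the `state != Volume::State_Mounted && state != Volume::State_Shared` early return that the partition-removal path applies before the same comparison. It therefore relies on `mCurrentlyMountedKdev` being cleared whenever the volume is unmounted, and that reset is not visible in this diff. If it is not guaranteed, a stale value would trigger a forced unmount and a VolumeBadRemoval broadcast for a volume that is no longer mounted. Guarding the branch, e.g. `if (getState() == Volume::State_Mounted && (dev_t) MKDEV(major, minor) == mCurrentlyMountedKdev) {`, removes that dependency. The enclosing function starts and ends outside this hunk.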
@@ -352,29 +358,12 @@
if (state != Volume::State_Mounted && state != Volume::State_Shared) {
return;
}
-
+
if ((dev_t) MKDEV(major, minor) == mCurrentlyMountedKdev) {
/*
* Yikes, our mounted partition is going away!
*/
-
- bool providesAsec = (getFlags() & VOL_PROVIDES_ASEC) != 0;
- if (providesAsec && mVm->cleanupAsec(this, true)) {
- SLOGE("Failed to cleanup ASEC - unmount will probably fail!");
- }
-
- snprintf(msg, sizeof(msg), "Volume %s %s bad removal (%d:%d)",
- getLabel(), getFuseMountpoint(), major, minor);
- mVm->getBroadcaster()->sendBroadcast(ResponseCode::VolumeBadRemoval,
- msg, false);
-
- if (Volume::unmountVol(true, false)) {
- SLOGE("Failed to unmount volume on bad removal (%s)",
- strerror(errno));
- // XXX: At this point we're screwed for now
- } else {
- SLOGD("Crisis averted");
- }
+ doUnmount(major, minor);
} else if (state == Volume::State_Shared) {
/* removed during mass storage */
snprintf(msg, sizeof(msg), "Volume %s bad removal (%d:%d)",
@@ -391,6 +380,27 @@
}
}
+void DirectVolume::doUnmount(int major, int minor) {
+ char msg[255];
+ bool providesAsec = (getFlags() & VOL_PROVIDES_ASEC) != 0;
+ if (providesAsec && mVm->cleanupAsec(this, true)) {
+ SLOGE("Failed to cleanup ASEC - unmount will probably fail!");
+ }
+
+ snprintf(msg, sizeof(msg), "Volume %s %s bad removal (%d:%d)",
+ getLabel(), getFuseMountpoint(), major, minor);
+ mVm->getBroadcaster()->sendBroadcast(ResponseCode::VolumeBadRemoval,
+ msg, false);
+
+ if (Volume::unmountVol(true, false)) {
+ SLOGE("Failed to unmount volume on bad removal (%s)",
+ strerror(errno));
+ // XXX: At this point we're screwed for now
+ } else {
+ SLOGD("Crisis averted");
+ }
+}
+
/*
* Called from base to get a list of devicenodes for mounting
*/
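Review bot: `DirectVolume::doUnmount` is added without a comment describing its contract, although it is now shared by the disk-removal and partition-removal paths and has visible side effects. A header comment such as `/* Forced unmount after surprise removal: cleans up ASEC if provided, broadcasts VolumeBadRemoval, then unmounts; failures are only logged. */` would tell callers that the function returns nothing and that an `unmountVol` failure cannot be detected by them.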
diff --git a/DirectVolume.h b/DirectVolume.h
index 5e0df74..96f46af 100644
--- a/DirectVolume.h
+++ b/DirectVolume.h
@@ -84,6 +84,7 @@
void handlePartitionChanged(const char *devpath, NetlinkEvent *evt);
int doMountVfat(const char *deviceNode, const char *mountPoint);
+ void doUnmount(int major, int minor);
};
diff --git a/Loop.cpp b/Loop.cpp
index 11c114f..ca26093 100644
--- a/Loop.cpp
+++ b/Loop.cpp
@@ -35,6 +35,7 @@
#include <sysutils/SocketClient.h>
#include "Loop.h"
#include "Asec.h"
+#include "sehandle.h"
int Loop::dumpState(SocketClient *c) {
int i;
@@ -132,6 +133,7 @@
for (i = 0; i < LOOP_MAX; i++) {
struct loop_info64 li;
int rc;
+ char *secontext = NULL;
sprintf(filename, "/dev/block/loop%d", i);
@@ -141,12 +143,29 @@
*/
mode_t mode = 0660 | S_IFBLK;
unsigned int dev = (0xff & i) | ((i << 12) & 0xfff00000) | (7 << 8);
+
+ if (sehandle) {
+ rc = selabel_lookup(sehandle, &secontext, filename, S_IFBLK);
+ if (rc == 0)
+ setfscreatecon(secontext);
+ }
+
if (mknod(filename, mode, dev) < 0) {
if (errno != EEXIST) {
+ int sverrno = errno;
SLOGE("Error creating loop device node (%s)", strerror(errno));
+ if (secontext) {
+ freecon(secontext);
+ setfscreatecon(NULL);
+ }
+ errno = sverrno;
return -1;
}
}
+ if (secontext) {
+ freecon(secontext);
+ setfscreatecon(NULL);
+ }
if ((fd = open(filename, O_RDWR)) < 0) {
SLOGE("Unable to open %s (%s)", filename, strerror(errno));
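Review bot: The results of `selabel_lookup()` and `setfscreatecon()` are not reported in the block added before `mknod()`. If either fails, the loop node is created with the default label and nothing is logged, which makes a mislabeled block device hard to trace back to its cause. The reset/free pair is also written twice, once inside the error return and once after it, so an early return added between them later would leave the thread's file-creation context set. Logging both failures and resetting the context once, directly after `mknod()`, covers both; `Volume::createDeviceNode` in Volume.cpp has the same pattern. The enclosing function starts and ends outside this hunk.

```cpp
if (sehandle) {
    rc = selabel_lookup(sehandle, &secontext, filename, S_IFBLK);
    if (rc != 0) {
        SLOGW("No SELinux label found for %s (%s)", filename, strerror(errno));
    } else if (setfscreatecon(secontext) < 0) {
        SLOGE("Unable to set creation context for %s (%s)", filename, strerror(errno));
    }
}

int mkrc = mknod(filename, mode, dev);
int sverrno = errno;
// Reset the creation context exactly once, before any early return.
if (secontext) {
    setfscreatecon(NULL);
    freecon(secontext);
}
if (mkrc < 0 && sverrno != EEXIST) {
    SLOGE("Error creating loop device node (%s)", strerror(sverrno));
    errno = sverrno;
    return -1;
}
// … unchanged: open(filename, O_RDWR) and the rest of the loop body …
```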
diff --git a/Volume.cpp b/Volume.cpp
index ca56d1c..bfad29d 100644
--- a/Volume.cpp
+++ b/Volume.cpp
@@ -48,6 +48,7 @@
#include "Fat.h"
#include "Process.h"
#include "cryptfs.h"
+#include "sehandle.h"
extern "C" void dos_partition_dec(void const *pp, struct dos_partition *d);
extern "C" void dos_partition_enc(void *pp, struct dos_partition *d);
@@ -219,13 +220,30 @@
}
int Volume::createDeviceNode(const char *path, int major, int minor) {
+ char *secontext = NULL;
mode_t mode = 0660 | S_IFBLK;
dev_t dev = (major << 8) | minor;
+ int rc;
+ if (sehandle) {
+ rc = selabel_lookup(sehandle, &secontext, path, S_IFBLK);
+ if (rc == 0)
+ setfscreatecon(secontext);
+ }
if (mknod(path, mode, dev) < 0) {
if (errno != EEXIST) {
+ int sverrno = errno;
+ if (secontext) {
+ freecon(secontext);
+ setfscreatecon(NULL);
+ }
+ errno = sverrno;
return -1;
}
}
+ if (secontext) {
+ setfscreatecon(NULL);
+ freecon(secontext);
+ }
return 0;
}
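Review bot: When `mknod()` fails with `EEXIST`, `createDeviceNode` returns 0 without applying the looked-up context, because `setfscreatecon()` only affects files created after it is called; a node already present at `path` keeps whatever label it had. Whether a stale node can exist at this path is not visible here. If it can, label it explicitly in the `EEXIST` case before `freecon(secontext)`, e.g. `if (secontext && setfilecon(path, secontext) < 0) SLOGW("Failed to relabel %s (%s)", path, strerror(errno));`.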
@@ -252,7 +270,7 @@
dev_t diskNode = getDiskDevice();
dev_t partNode =
MKDEV(MAJOR(diskNode),
- MINOR(diskNode) + (formatEntireDevice ? 1 : mPartIdx));
+ MINOR(diskNode) + (formatEntireDevice ? 0 : mPartIdx));
setState(Volume::State_Formatting);
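Review bot: The `0` in `formatEntireDevice ? 0 : mPartIdx` makes `partNode` identical to `diskNode` whenever the whole device is formatted, and nothing next to the expression says that this is intended. Since `partNode` presumably selects the device that gets formatted, a short comment would help the next reader, e.g. `/* whole-device format targets the disk node itself (minor offset 0) */`. The enclosing function starts and ends outside this hunk.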
diff --git a/cryptfs.c b/cryptfs.c
index e9d6afb..480e6ca 100644
--- a/cryptfs.c
+++ b/cryptfs.c
@@ -1302,7 +1302,8 @@
}
/* Initialize the decryption engine */
- if (! EVP_EncryptInit(&e_ctx, EVP_aes_128_cbc(), ikey, ikey+KEY_LEN_BYTES)) {
+ EVP_CIPHER_CTX_init(&e_ctx);
+ if (! EVP_EncryptInit_ex(&e_ctx, EVP_aes_128_cbc(), NULL, ikey, ikey+KEY_LEN_BYTES)) {
SLOGE("EVP_EncryptInit failed\n");
return -1;
}
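Review bot: The `return -1` after `EVP_CIPHER_CTX_init(&e_ctx)` leaves the function without calling `EVP_CIPHER_CTX_cleanup(&e_ctx)`, so a cipher context that may already hold key state derived from `ikey` is left on the stack. Whether the success path cleans it up is outside the hunk. Adding `EVP_CIPHER_CTX_cleanup(&e_ctx);` before each error return, and after `EVP_EncryptFinal_ex` if it is not already there, releases the context and clears its key material. The same applies to `d_ctx` in the decrypt hunks below, where the `EVP_DecryptInit_ex` and `EVP_DecryptFinal_ex` failures also return directly. The function starts and ends outside this hunk.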
@@ -1314,7 +1315,7 @@
SLOGE("EVP_EncryptUpdate failed\n");
return -1;
}
- if (! EVP_EncryptFinal(&e_ctx, encrypted_master_key + encrypted_len, &final_len)) {
+ if (! EVP_EncryptFinal_ex(&e_ctx, encrypted_master_key + encrypted_len, &final_len)) {
SLOGE("EVP_EncryptFinal failed\n");
return -1;
}
@@ -1364,7 +1365,8 @@
}
/* Initialize the decryption engine */
- if (! EVP_DecryptInit(&d_ctx, EVP_aes_128_cbc(), ikey, ikey+KEY_LEN_BYTES)) {
+ EVP_CIPHER_CTX_init(&d_ctx);
+ if (! EVP_DecryptInit_ex(&d_ctx, EVP_aes_128_cbc(), NULL, ikey, ikey+KEY_LEN_BYTES)) {
return -1;
}
EVP_CIPHER_CTX_set_padding(&d_ctx, 0); /* Turn off padding as our data is block aligned */
@@ -1373,7 +1375,7 @@
encrypted_master_key, KEY_LEN_BYTES)) {
return -1;
}
- if (! EVP_DecryptFinal(&d_ctx, decrypted_master_key + decrypted_len, &final_len)) {
+ if (! EVP_DecryptFinal_ex(&d_ctx, decrypted_master_key + decrypted_len, &final_len)) {
return -1;
}
diff --git a/main.cpp b/main.cpp
index d4b7d28..c07f48d 100644
--- a/main.cpp
+++ b/main.cpp
@@ -36,6 +36,7 @@
#include "NetlinkManager.h"
#include "DirectVolume.h"
#include "cryptfs.h"
+#include "sehandle.h"
static int process_config(VolumeManager *vm);
static void coldboot(const char *path);
@@ -43,6 +44,8 @@
#define FSTAB_PREFIX "/fstab."
struct fstab *fstab;
+struct selabel_handle *sehandle;
+
int main() {
VolumeManager *vm;
@@ -51,6 +54,10 @@
SLOGI("Vold 2.1 (the revenge) firing up");
+ sehandle = selinux_android_file_context_handle();
+ if (sehandle)
+ selinux_android_set_sehandle(sehandle);
+
mkdir("/dev/block/vold", 0755);
/* For when cryptfs checks and mounts an encrypted filesystem */
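Review bot: A NULL return from `selinux_android_file_context_handle()` is silently accepted here. The `if (sehandle)` checks added in Loop.cpp and Volume.cpp then skip labeling, so device nodes are created with default labels and nothing appears in the log. Logging the failure makes that state visible, e.g. `else SLOGW("No file_contexts handle; device nodes will not be labeled");`. `main()` continues outside this hunk.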
diff --git a/sehandle.h b/sehandle.h
new file mode 100644
index 0000000..f59d7eb
--- /dev/null
+++ b/sehandle.h
@@ -0,0 +1,24 @@
+/*
+ * Copyright (C) 2014 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#ifndef _SEHANDLE_H
+#define _SEHANDLE_H
+
+#include <selinux/android.h>
+
+extern struct selabel_handle *sehandle;
+
+#endif
diff --git a/tests/Android.mk b/tests/Android.mk
index 8ae4b5d..bcdcfca 100644
--- a/tests/Android.mk
+++ b/tests/Android.mk
@@ -1,36 +1,20 @@
# Build the unit tests.
LOCAL_PATH := $(call my-dir)
+
include $(CLEAR_VARS)
+LOCAL_ADDITIONAL_DEPENDENCIES := $(LOCAL_PATH)/Android.mk
-test_src_files := \
- VolumeManager_test.cpp
+LOCAL_C_INCLUDES := \
+ system/core/fs_mgr/include \
+ external/openssl/include \
-shared_libraries := \
- liblog \
- libstlport \
- libcrypto
+LOCAL_SHARED_LIBRARIES := \
+ liblog \
+ libcrypto \
-static_libraries := \
- libvold \
- libgtest \
- libgtest_main
+LOCAL_STATIC_LIBRARIES := libvold
+LOCAL_SRC_FILES := VolumeManager_test.cpp
+LOCAL_MODULE := vold_tests
+LOCAL_MODULE_TAGS := eng tests
-c_includes := \
- external/openssl/include \
- bionic \
- bionic/libstdc++/include \
- external/gtest/include \
- external/stlport/stlport
-
-module_tags := eng tests
-
-$(foreach file,$(test_src_files), \
- $(eval include $(CLEAR_VARS)) \
- $(eval LOCAL_SHARED_LIBRARIES := $(shared_libraries)) \
- $(eval LOCAL_STATIC_LIBRARIES := $(static_libraries)) \
- $(eval LOCAL_C_INCLUDES := $(c_includes)) \
- $(eval LOCAL_SRC_FILES := $(file)) \
- $(eval LOCAL_MODULE := $(notdir $(file:%.cpp=%))) \
- $(eval LOCAL_MODULE_TAGS := $(module_tags)) \
- $(eval include $(BUILD_EXECUTABLE)) \
-)
+include $(BUILD_NATIVE_TEST)